Skip to content

Enable CodeQL as SAST Tool #2112

Enable CodeQL as SAST Tool

Enable CodeQL as SAST Tool #2112

Workflow file for this run

# Copyright (c) 2021-2023 Valve Corporation
# Copyright (c) 2021-2023 LunarG, Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Author: Lenny Komow <[email protected]>
# Author: Charles Giessen <[email protected]>
name: CI Build
# https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
# github.head_ref is only defined on pull_request
# Fallback to the run ID, which is guaranteed to be both unique and defined for the run.
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
push:
pull_request:
branches:
- main
permissions: read-all
jobs:
linux:
runs-on: ${{matrix.os}}
strategy:
matrix:
cc: [ gcc, clang ]
cxx: [ g++, clang++ ]
config: [ Debug, Release ]
os: [ ubuntu-20.04, ubuntu-22.04 ]
exclude:
- cc: gcc
cxx: clang++
- cc: clang
cxx: g++
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: lukka/get-cmake@latest
with:
cmakeVersion: 3.17.2
- run: sudo apt update
- name: Install Dependencies
run: sudo apt install --yes --no-install-recommends libwayland-dev libxrandr-dev
- name: Generate build files
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=${{matrix.config}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D LOADER_ENABLE_ADDRESS_SANITIZER=ON -D ENABLE_WERROR=ON
env:
CC: ${{matrix.cc}}
CXX: ${{matrix.cxx}}
- name: Build the loader
run: cmake --build build
- name: Install the loader
run: cmake --install build --prefix build/install
- name: Validate pkg-config
run: pkg-config --validate ./build/install/lib/pkgconfig/vulkan.pc
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure
- name: Verify generated source files
run: python scripts/generate_source.py --verify external/${{matrix.config}}/Vulkan-Headers/registry
- name: Verify code formatting with clang-format
run: ./scripts/check_code_format.sh
- name: Verify commit message formatting
run: ./scripts/check_commit_message_format.sh
linux-no-asm:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: lukka/get-cmake@latest
with:
cmakeVersion: 3.17.2
- run: sudo apt update
- name: Install Dependencies
run: sudo apt install --yes --no-install-recommends libwayland-dev libxrandr-dev
- name: Generate build files
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D USE_GAS=OFF
env:
CC: clang
CXX: clang++
- name: Build the loader
run: cmake --build build
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure -E UnknownFunction
linux-32:
runs-on: ${{matrix.os}}
strategy:
matrix:
cc: [ gcc, clang ]
cxx: [ g++, clang++ ]
config: [ Debug, Release ]
os: [ ubuntu-20.04, ubuntu-22.04 ]
exclude:
- cc: gcc
cxx: clang++
- cc: clang
cxx: g++
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: lukka/get-cmake@latest
with:
cmakeVersion: 3.17.2
- name: Enable 32 bit
run: |-
sudo dpkg --add-architecture i386
- name: Update packages
run: |-
sudo apt-get update
- name: Install Dependencies
run: |-
sudo apt install --yes --no-install-recommends gcc-multilib g++-multilib libc6:i386 libc6-dev-i386 libgcc-s1:i386 libwayland-dev:i386 libxrandr-dev:i386
- name: Generate build files
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=${{matrix.config}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D SYSCONFDIR=/etc/not_vulkan
env:
CFLAGS: -m32
CXXFLAGS: -m32
LDFLAGS: -m32
ASFLAGS: --32
- name: Build the loader
run: cmake --build build
- name: Install the loader
run: cmake --install build --prefix build/install
- name: Validate pkg-config
run: pkg-config --validate ./build/install/lib/pkgconfig/vulkan.pc
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure
linux-32-no-asm:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: lukka/get-cmake@latest
with:
cmakeVersion: 3.17.2
- name: Enable 32 bit
run: |-
sudo dpkg --add-architecture i386
- name: Update packages
run: |-
sudo apt-get update
- name: Install Dependencies
run: |-
sudo apt install --yes --no-install-recommends gcc-multilib g++-multilib libc6:i386 libc6-dev-i386 libgcc-s1:i386 libwayland-dev:i386 libxrandr-dev:i386
- name: Generate build files
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D USE_GAS=OFF
env:
CFLAGS: -m32
CXXFLAGS: -m32
LDFLAGS: -m32
ASFLAGS: --32
- name: Build the loader
run: cmake --build build
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure -E UnknownFunction
windows_vs:
runs-on: windows-latest
strategy:
matrix:
arch: [ Win32, x64 ]
config: [ Debug, Release ]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- name: Generate build files
run: cmake -S. -B build -DBUILD_TESTS=ON -DUPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=${{matrix.config}} -A ${{ matrix.arch }} -D ENABLE_WERROR=ON
- name: Build the loader
run: cmake --build ./build --config ${{matrix.config}}
- name: Install the loader
run: cmake --install build --prefix build/install --config ${{matrix.config}}
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure -C ${{matrix.config}}
windows_vs-no-asm:
runs-on: windows-latest
strategy:
matrix:
arch: [ Win32, x64 ]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- name: Generate build files
run: cmake -S. -B build -DBUILD_TESTS=ON -DUPDATE_DEPS=ON -D USE_MASM=OFF -D CMAKE_BUILD_TYPE=Release -A ${{ matrix.arch }} -D ENABLE_WERROR=ON
- name: Build the loader
run: cmake --build ./build --config Release
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure -C Release -E UnknownFunction
# Something about Github Actions + Windows + Ninja + Unicode doesn't play nicely together.
# https://github.com/KhronosGroup/Vulkan-Loader/pull/1188#issuecomment-1536659318
#
# Disable testing explicitly for Ninja. But still ensure it builds properly.
windows_ninja:
runs-on: windows-2019
strategy:
matrix:
arch: [ Win32, x64 ]
config: [ Debug, Release ]
exclude:
- arch: Win32
config: release
- arch: x64
config: debug
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: ilammy/msvc-dev-cmd@v1
with:
arch: ${{ matrix.arch }}
- name: Configure
run: cmake -S. -B build -DUPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=${{matrix.config}} -G "Ninja" -D ENABLE_WERROR=ON -D LOADER_USE_UNSAFE_FILE_SEARCH=ON
- name: Build
run: cmake --build ./build
- name: Install the loader
run: cmake --install build --prefix build/install
# Make sure clang-cl builds still succeed - used by the chromium project
windows_clang_cl:
runs-on: windows-2022
strategy:
matrix:
arch: [ x64 ]
config: [ Release ]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: ilammy/msvc-dev-cmd@v1
with:
arch: ${{ matrix.arch }}
- name: Configure
run: cmake -S. -B build -D UPDATE_DEPS=ON -D BUILD_TESTS=ON -D CMAKE_BUILD_TYPE=${{matrix.config}} -T "ClangCL" -D ENABLE_WERROR=ON
- name: Build
run: cmake --build ./build --config ${{matrix.config}}
- name: Install the loader
run: cmake --install build --prefix build/install --config ${{matrix.config}}
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure -C ${{matrix.config}}
mac:
runs-on: ${{matrix.os}}
strategy:
matrix:
config: [ Debug, Release ]
os: [ macos-11, macos-latest ]
static_build: [ BUILD_STATIC_LOADER=ON, BUILD_STATIC_LOADER=OFF ]
exclude:
- os: macos-latest
static_build: BUILD_STATIC_LOADER=ON
- config: Debug
os: macos-11
static_build: BUILD_STATIC_LOADER=ON
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: lukka/get-cmake@latest
- name: Generate build files
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=${{matrix.config}} -D ${{matrix.static_build}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D LOADER_ENABLE_ADDRESS_SANITIZER=ON -G "Ninja"
env:
# Specify the minimum version of macOS on which the target binaries are to be deployed.
# https://cmake.org/cmake/help/latest/envvar/MACOSX_DEPLOYMENT_TARGET.html
MACOSX_DEPLOYMENT_TARGET: 10.12
- name: Build the loader
run: cmake --build build
- name: Install the loader
run: cmake --install build --prefix build/install
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure
mac-no-asm:
runs-on: macos-latest
strategy:
matrix:
static_build: [ BUILD_STATIC_LOADER=ON, BUILD_STATIC_LOADER=OFF ]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '3.7'
- uses: lukka/get-cmake@latest
- name: Generate build files
run: cmake -S. -B build -D CMAKE_BUILD_TYPE=Release -D ${{matrix.static_build}} -D BUILD_TESTS=ON -D UPDATE_DEPS=ON -D ENABLE_WERROR=ON -D USE_GAS=OFF -G "Ninja"
env:
# Specify the minimum version of macOS on which the target binaries are to be deployed.
# https://cmake.org/cmake/help/latest/envvar/MACOSX_DEPLOYMENT_TARGET.html
MACOSX_DEPLOYMENT_TARGET: 10.12
- name: Build the loader
run: cmake --build build
- name: Run regression tests
working-directory: ./build
run: ctest --output-on-failure -E UnknownFunction
gn:
runs-on: ubuntu-20.04
strategy:
matrix:
config: [ Debug, Release ]
steps:
- uses: actions/checkout@v3
- name: Get depot tools
run: |
git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git depot_tools
echo "$GITHUB_WORKSPACE/depot_tools" >> $GITHUB_PATH
- name: Fetch and install headers
run: ./build-gn/update_deps.sh
- name: Generate build files
run: gn gen out/${{matrix.config}} --args="is_debug=true"
if: matrix.config != 'Release'
- name: Generate build files
run: gn gen out/${{matrix.config}} --args="is_debug=false"
if: matrix.config == 'Release'
- name: Build the loader
run: ninja -C out/${{matrix.config}}
# MinGW uses JWASM to compile the assembly code - since that isn't available on github actions, this run is disabled
# mingw:
# runs-on: windows-2022
# defaults:
# run:
# shell: bash
# steps:
# - uses: actions/checkout@v3
# - name: Setup ccache
# uses: hendrikmuhs/[email protected]
# with:
# key: mingw-ccache
# - uses: actions/setup-python@v4
# with:
# python-version: '3.8'
# - uses: lukka/get-cmake@latest
# - name: GCC Version
# run: gcc --version # If this fails MINGW is not setup correctly
# - name: Configure
# run: cmake -S. -B build -D UPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=Release
# env:
# LDFLAGS: -fuse-ld=lld # MINGW linking is very slow. Use llvm linker instead.
# CMAKE_C_COMPILER_LAUNCHER: ccache
# CMAKE_CXX_COMPILER_LAUNCHER: ccache
# CMAKE_GENERATOR: Ninja
# - name: Build
# run: cmake --build build -- --quiet
# - name: Install
# run: cmake --install build --prefix build/install
# - name: MinGW ccache stats # The Post Setup ccache doesn't work right on MinGW
# run: ccache --show-stats
mingw-no-asm:
runs-on: windows-2022
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v3
- name: Setup ccache
uses: hendrikmuhs/[email protected]
with:
key: mingw-ccache
- uses: actions/setup-python@v4
with:
python-version: '3.8'
- uses: lukka/get-cmake@latest
- name: GCC Version
run: gcc --version # If this fails MINGW is not setup correctly
- name: Configure
run: cmake -S. -B build -D UPDATE_DEPS=ON -D CMAKE_BUILD_TYPE=Release -D ENABLE_WERROR=ON
env:
LDFLAGS: -fuse-ld=lld # MINGW linking is very slow. Use llvm linker instead.
CMAKE_C_COMPILER_LAUNCHER: ccache
CMAKE_CXX_COMPILER_LAUNCHER: ccache
CMAKE_GENERATOR: Ninja
- name: Build
run: cmake --build build -- --quiet
- name: Install
run: cmake --install build --prefix build/install
- name: MinGW ccache stats # The Post Setup ccache doesn't work right on MinGW
run: ccache --show-stats